ALT-BU-2020-4004-1
Branch p9 update bulletin.
Closed vulnerabilities
BDU:2020-01963
Vulnerability in the Tor browser related to uncontrolled resource consumption, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2020-10592
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
Modified: 2024-11-21
CVE-2020-15572
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
- https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
- https://gitlab.torproject.org/tpo/core/tor/-/issues/33119
- https://trac.torproject.org/projects/tor/wiki/TROVE
Modified: 2024-11-21
CVE-2020-8516
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability.
- https://lists.torproject.org/pipermail/tor-dev/2020-February/014146.html
- https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
- https://security-tracker.debian.org/tracker/CVE-2020-8516
- https://trac.torproject.org/projects/tor/ticket/33129
- https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-14462
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.
- https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
- https://libmodbus.org/2019/stable-and-development-releases/
- [debian-lts-announce] 20211122 [SECURITY] [DLA 2825-1] libmodbus security update
- FEDORA-2019-4942e01cdc
- FEDORA-2019-355f6e10c1
Modified: 2024-11-21
CVE-2019-14463
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.
- https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
- https://libmodbus.org/2019/stable-and-development-releases/
- [debian-lts-announce] 20211122 [SECURITY] [DLA 2825-1] libmodbus security update
- FEDORA-2019-4942e01cdc
- FEDORA-2019-355f6e10c1
Closed bugs
Update to the latest version
Depends on QtWebKit